
iPad shows as foreign, non-local IP

iPad and at times iPhone (i think on iphone, you can see below on ipad being a sure thing) show as a 'syrian' IP address on a local area network. "5.0.83.144"


in router logs, numerous DoS attacks are listed. source as "5.0.83.144" and target is some non-local address. i don't believe it was my vpn address at the time, fairly certain it was just an outside ip.


something is incredibly fishy here. it was taken to a local repair shop then best buy. they said it was fine. i have forced both ipad and iphone to use 192.168.0.56 and 192.168.0.57. so i cannot even force it to use that ip address. trying to help my parents out. i don't own apple products, but i am technically inclined. if you give me some keywords to google, i can take care of the rest. think both are within 1-2 years old as far as which model... i'd assume this is broad enough problem not to have to find that info. restore necessary? app to clean it? it is clearly being used as a bot in a distributed attack, lol. i thought apple didn't have these problems?


User uploaded file

iPad Air Wi-Fi, iOS 12

Posted on Sep 26, 2018 1:09 PM


9 replies

Sep 26, 2018 3:29 PM in response to joesmoe12

this is filling up at about 1 page per hour. various "target" ip's, but they stick with one for a while. since i cleared, there were 3 other targets, 4 total and 1 was half the log (all at bottom). as you can see, the 'source' ip is the ipad assigned IP address, 5.0.83.144. again, no router would ever assign such an ip to a local pc. it's not my external IP from ISP, either. it's not a range owned by my vpn.


User uploaded file

Oct 1, 2018 10:22 AM in response to joesmoe12

Have a look at this Netgear discussion:

DoS attack, Teardrop or derivative, Ping of Death,... - NETGEAR Communities


I have not read the entire thread but it sounds like the Netgear device doesn't support IPv6 correctly. It is misinterpreting the IPv6 address. Pay attention to fqm889's post (message 19 of 76). You might want to search for a firmware update if there's any.
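Added example, not part of the thread: a small triage script for the hypothesis above, that the router is printing four bytes of an IPv6 address as a dotted quad. It checks whether the logged "source" is a private address, shows the same bytes as IPv6 hex groups, and searches the device's IPv6 addresses for them. The IPv6 addresses in `SAMPLE_IPV6` are constructed for illustration, and scanning every byte offset is an assumption, since the thread does not say which bytes the router takes.

```python
import ipaddress

def hex_groups(ipv4_text):
    """Render a dotted quad as the two IPv6 hex groups holding the same 4 bytes."""
    b = ipaddress.IPv4Address(ipv4_text).packed
    return f"{b[0]:02x}{b[1]:02x}:{b[2]:02x}{b[3]:02x}"

def find_in_ipv6(logged_ipv4, ipv6_addrs):
    """Return (ipv6_text, byte_offset) for each address containing the logged bytes."""
    needle = ipaddress.IPv4Address(logged_ipv4).packed
    hits = []
    for text in ipv6_addrs:
        raw = ipaddress.IPv6Address(text).packed  # always 16 bytes
        # Assumption: the router could have read any 4-byte window, so try all 13.
        for off in range(len(raw) - 3):
            if raw[off:off + 4] == needle:
                hits.append((text, off))
    return hits

def triage(logged_ipv4, ipv6_addrs):
    """Summarise what a logged 'source' address can and cannot be."""
    ip = ipaddress.IPv4Address(logged_ipv4)
    return {
        "private": ip.is_private,           # True only for RFC 1918 style ranges
        "hex": hex_groups(logged_ipv4),     # what to look for in the IPv6 address
        "ipv6_matches": find_in_ipv6(logged_ipv4, ipv6_addrs),
    }

# Constructed sample: IPv6 addresses as they might be read off the device's
# Wi-Fi settings page. These are NOT values from the thread.
SAMPLE_IPV6 = ["fe80::500:5390:1c2a:77be", "2001:db8::1"]

if __name__ == "__main__":
    for logged in ("5.0.83.144", "192.168.0.56"):
        print(logged, triage(logged, SAMPLE_IPV6))
```

A match means the log entry is a display artifact of the router's IPv6 handling rather than an address the device is actually using on the LAN.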

Sep 26, 2018 2:59 PM in response to ShagCA

yes, i am in the US. No, it is not jailbroken.


It's showing as a syrian ip on a LAN -- syrian is just extra info based on google search.. the bigger issue i have is that it's not even a valid ip address for LAN! lol. does apple have an option to obfuscate the device on a lan and this may be a side effect? but the 100's of entries in log over just a couple hours at most would rule out non-nefarious things, i'd think. (edit: log -> ddos attacks)

Sep 27, 2018 11:43 AM in response to joesmoe12

The snapshot you posted on the first post looks puzzling. Devices behind a router should be getting private IP addresses (typically in the 192.168 range) instead of public routable IPs. It does not matter what country the IP belongs to, devices shouldn't be getting those IPs unless your local network (DHCP) is configured to dispense public IP addresses to devices (this is a highly unlikely scenario for home users).


I would try a factory reset of the iPad if you have not done it yet. Before you do that, check your WiFi router for possible tampering or vulnerability. We may be able to point you in the right direction if you post your router model number.

Sep 28, 2018 11:34 AM in response to joesmoe12

By any chance is this a netgear router? Some models of netgear routers in the past few years have proven notorious for TCP/IP fragmentation attacks (like Teardrop, ping of death and such things that typically don’t infect newer devices and operating systems). The result would be exactly as you describe, where the TCP/IP stack gets altered and fixedly gives out nonsensical IPs. Affected netgear that I know of were the C3700 and other C-series.


Netgear may have firmware patches. If they do, download them somewhere else to your computer or a thumb drive, disconnect the router, reset it and install the firmware over a direct cable connection.


Unfortunately in the netgear community forums, sounds like most just ended up replacing their vulnerable netgear routers with different makes.

Sep 28, 2018 11:47 AM in response to Michael Black

this is a c6250, only affecting apple ipad though. wouldn't that be random? this isn't a new problem and never branched out to the laptop or anything else connected, ever.


yes, shagca, it is odd. lol. that info was given in first post and re-mentioned in second post i believe (*my posts, so either misread or a communication barrier due to 2 different languages, can't tell because you are more than fluent in print). i have a degree in computers, but i don't deal with apple stuff or minutiae of networks beyond basics - i do know local ranges because i actively block all unnecessary private/lan ip ranges as well as a few shady countries. sure there's ways around it but at least not the lowest hanging fruit -- this ipad owner cannot do anything that advanced, reliably. it has to be very simple and hopefully not lose all her personal info. reading a gui and trying everything that's in the router options is most likely done. unfortunately i cannot block ip ranges by ipv4 address. i've tried adding 5.0.83. and 5.0.83.144, netgear is lame and i cannot use a numerical address for some stupid reason.


actually, as of today i know it's not the router. that "ipad" went on a vacation and guess when all the dos attacks stopped. immediately after it left the network, no problems since that time.


this is definitely an apple thing. i even found an article about the vulnerability. https://www.theinquirer.net/inquirer/news/2403673/iphone-ipad-and-mac-bug-could-allow-hackers-to-remotely-launch-dos-att… it's old but must still be there or she tapped yes to something stupid and allowed it in etc. whether user error or not, it's definitely the iPad that does this and nothing else on network.


resetting will fix something like that? The OS is up to date and kept up to date, religiously too. they don't know how to back things up, either. this isn't going to go well for me. any dangers to backing up personal info -- a la re-infect it after restore?


it doesn't slow down traffic, and i don't really care if someone in brazil has a problem due to it, lol. as long as they can't steal credit card info i may just ignore it.

Oct 1, 2018 10:22 AM in response to ShagCA

heh, i'll have to check if that's the hex=>dec and why it remains 5.0.83.144 each time (edit: looks like it)... still only happens with the apple product and nothing else. hard to blame netgear, lol. clearly it's an apple thing. i have other devices that are ipv6 capable and use it.


i had this problem when dealing with an older video card. there was a severe problem with various 3d gpu and windows throttling too low with 2d apps, like a movie player. it would cause a gpu-shutdown-recovery cycle. windows blames amd/nvidia, nvidia blames windows and it never is fixed, lol. i was one of the first people to post about removing the s1-state in the xml for amd, if not first, for a "duct-tape" fix. also a lesson on never to buy off-brand products for computers... they are junky. that thread is from 2016 in netgear's forums, lol... they or apple simply don't give a ....
